nginx
diff --git a/‎docs/config/production/config.toml‎
Lines changed: 1 addition & 1 deletion b/‎docs/config/production/config.toml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/config/staging/config.toml‎
Lines changed: 1 addition & 1 deletion b/‎docs/config/staging/config.toml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/content/app-protect/configuration.md‎
Lines changed: 2 additions & 2 deletions b/‎docs/content/app-protect/configuration.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/content/app-protect/installation.md‎
Lines changed: 3 additions & 3 deletions b/‎docs/content/app-protect/installation.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎docs/content/configuration/global-configuration/globalconfiguration-resource.md‎
Lines changed: 0 additions & 12 deletions b/‎docs/content/configuration/global-configuration/globalconfiguration-resource.md‎
Lines changed: 0 additions & 12 deletions
diff --git a/‎docs/content/configuration/ingress-resources/advanced-configuration-with-annotations.md‎
Lines changed: 9 additions & 9 deletions b/‎docs/content/configuration/ingress-resources/advanced-configuration-with-annotations.md‎
Lines changed: 9 additions & 9 deletions
diff --git a/‎docs/content/configuration/ingress-resources/basic-configuration.md‎
Lines changed: 2 additions & 2 deletions b/‎docs/content/configuration/ingress-resources/basic-configuration.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/content/configuration/policy-resource.md‎
Lines changed: 5 additions & 34 deletions b/‎docs/content/configuration/policy-resource.md‎
Lines changed: 5 additions & 34 deletions
@@ -1,4 +1,4 @@
-baseURL = "/nginx-ingress-controller/"
+baseURL = "https://docs.nginx.com/nginx-ingress-controller/"
 title = "NGINX Ingress Controller"
 publishDir = "public/nginx-ingress-controller"
 canonifyURLs = false
 
@@ -1,4 +1,4 @@
-baseURL = "/nginx-ingress-controller/"
+baseURL = "https://docs-staging.nginx.com/nginx-ingress-controller/"
 title = "STAGING -- NGINX Docs"
 publishDir = "public/nginx-ingress-controller"
 canonifyURLs = false
@@ -36,7 +36,7 @@ To add any [App Protect policy](/nginx-app-protect/policy/#policy) to an Ingress
 
    > **Note**: The relationship between the Policy JSON and the resource spec is 1:1. If you're defining your resources in YAML, as we do in our examples, you'll need to represent the policy as YAML. The fields must match those in the source JSON exactly in name and level.
 
-  For example, say you want to use the [DataGuard policy](/nginx-app-protect/policy/#data-guard) shown below:
+  For example, say you want to use the [DataGuard policy](/nginx-app-protect/policy/#policy/data-guard) shown below:
 
   ```json
   {
@@ -107,7 +107,7 @@ To add the [App Protect log configurations](/nginx-app-protect/configuration/#se
 
    > **Note**: The fields from the JSON must be presented in the YAML *exactly* the same, in name and level. The Ingress Controller will transform the YAML into a valid JSON App Protect log config.
 
-For example, say you want to [log state changing requests](/nginx-app-protect/troubleshooting/#log-state-changing-requests) for your Ingress resources using App Protect. The App Protect log configuration looks like this:
+For example, say you want to [log state changing requests](/nginx-app-protect/configuration/#security-log-configuration-file) for your Ingress resources using App Protect. The App Protect log configuration looks like this:
 
 ```json
 {
 
@@ -65,12 +65,12 @@ Take the steps below to create the Docker image that you'll use to deploy NGINX
 
 Take the steps below to set up and deploy the NGINX Ingress Controller and App Protect module in your Kubernetes cluster.
 
-1. [Configure role-based access control (RBAC)](/nginx-ingress-controller/installation/installation-with-manifests/#configure-rbac).
+1. [Configure role-based access control (RBAC)](/nginx-ingress-controller/installation/installation-with-manifests/#1-configure-rbac).
 
     > **Important**: You must have an admin role to configure RBAC in your Kubernetes cluster.
 
-2. [Create the common Kubernetes resources](/nginx-ingress-controller/installation/installation-with-manifests/#create-common-resources).
+2. [Create the common Kubernetes resources](/nginx-ingress-controller/installation/installation-with-manifests/#2-create-common-resources).
 3. Enable the App Protect module by adding the `enable-app-protect` [cli argument](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#cmdoption-enable-app-protect) to your Deployment or DaemonSet file.
-4. [Deploy the Ingress Controller](/nginx-ingress-controller/installation/installation-with-manifests/#deploy-the-ingress-controller).
+4. [Deploy the Ingress Controller](/nginx-ingress-controller/installation/installation-with-manifests/#3-deploy-the-ingress-controller).
 
 For more information, see the [Configuration guide](/nginx-ingress-controller/app-protect/configuration) and the [NGINX Ingress Controller with App Protect examples on GitHub](https://github.com/nginxinc/kubernetes-ingress/tree/v1.12.0/examples/appprotect).
@@ -14,18 +14,6 @@ The resource supports configuring listeners for TCP and UDP load balancing. List
 
 > **Feature Status**: The GlobalConfiguration resource is available as a preview feature: it is suitable for experimenting and testing; however, it must be used with caution in production environments. Additionally, while the feature is in preview, we might introduce some backward-incompatible changes to the resource specification in the next releases.
 
-## Contents
-
-- [GlobalConfiguration Resource](#globalconfiguration-resource)
-  - [Contents](#contents)
-  - [Prerequisites](#prerequisites)
-  - [GlobalConfiguration Specification](#globalconfiguration-specification)
-    - [Listener](#listener)
-  - [Using GlobalConfiguration](#using-globalconfiguration)
-    - [Validation](#validation)
-      - [Structural Validation](#structural-validation)
-      - [Comprehensive Validation](#comprehensive-validation)
-
 ## Prerequisites
 
 When [installing](/nginx-ingress-controller/installation/installation-with-manifests) the Ingress Controller, you need to reference a GlobalConfiguration resource in the [`-global-configuration`](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments#cmdoption-global-configuration) command-line argument. The Ingress Controller only needs one GlobalConfiguration resource.
 
@@ -196,12 +196,12 @@ The table below summarizes the available annotations.
 
 **Note**: The App Protect annotations only work if App Protect module is [installed](/nginx-ingress-controller/app-protect/installation/).
 
-{{% table %}}
-|Annotation | ConfigMap Key | Description | Default | Example |
-| ---| ---| ---| ---| --- |
-|``appprotect.f5.com/app-protect-policy`` | N/A | The name of the App Protect Policy for the Ingress Resource. Format is ``namespace/name``. If no namespace is specified, the same namespace of the Ingress Resource is used. If not specified but ``appprotect.f5.com/app-protect-enable`` is true, a default policy id applied. If the referenced policy resource does not exist, or policy is invalid, this annotation will be ignored, and the default policy will be applied. | N/A | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v1.12.0/examples/appprotect). |
-|``appprotect.f5.com/app-protect-enable`` | N/A | Enable App Protect for the Ingress Resource. | ``False`` | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v1.12.0/examples/appprotect). |
-|``appprotect.f5.com/app-protect-security-log-enable`` | N/A | Enable the [security log](/nginx-app-protect/troubleshooting/#app-protect-security-log) for App Protect. | ``False`` | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v1.12.0/examples/appprotect). |
-|``appprotect.f5.com/app-protect-security-log`` | N/A | The App Protect log configuration for the Ingress Resource. Format is ``namespace/name``. If no namespace is specified, the same namespace as the Ingress Resource is used. If not specified the  default is used which is:  filter: ``illegal``, format: ``default``. Multiple configurations can be specified in a comma seperated list. Both log configurations and destinations list (see below) must be of equal length. Configs and destinations are paired by the list indices. | N/A | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v1.12.0/examples/appprotect). |
-|``appprotect.f5.com/app-protect-security-log-destination`` | N/A | The destination of the security log. For more information check the [DESTINATION argument](/nginx-app-protect/troubleshooting/#app-protect-security-log). Multiple destinations can be specified in a coma seperated list.  Both log configurations and destinations list (see above) must be of equal length. Configs and destinations are paired by the list indices. | ``syslog:server=localhost:514`` | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v1.12.0/examples/appprotect). |
-{{% /table %}}
+{{% table %}} 
+|Annotation | ConfigMap Key | Description | Default | Example | 
+| ---| ---| ---| ---| --- | 
+|``appprotect.f5.com/app-protect-policy`` | N/A | The name of the App Protect Policy for the Ingress Resource. Format is ``namespace/name``. If no namespace is specified, the same namespace of the Ingress Resource is used. If not specified but ``appprotect.f5.com/app-protect-enable`` is true, a default policy id applied. If the referenced policy resource does not exist, or policy is invalid, this annotation will be ignored, and the default policy will be applied. | N/A | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v1.12.0/examples/appprotect). | 
+|``appprotect.f5.com/app-protect-enable`` | N/A | Enable App Protect for the Ingress Resource. | ``False`` | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v1.12.0/examples/appprotect). | 
+|``appprotect.f5.com/app-protect-security-log-enable`` | N/A | Enable the [security log](/nginx-app-protect/troubleshooting/#app-protect-logging-overview) for App Protect. | ``False`` | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v1.12.0/examples/appprotect). | 
+|``appprotect.f5.com/app-protect-security-log`` | N/A | The App Protect log configuration for the Ingress Resource. Format is ``namespace/name``. If no namespace is specified, the same namespace as the Ingress Resource is used. If not specified the  default is used which is:  filter: ``illegal``, format: ``default``. Multiple configurations can be specified in a comma seperated list. Both log configurations and destinations list (see below) must be of equal length. Configs and destinations are paired by the list indices. | N/A | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v1.12.0/examples/appprotect). | 
+|``appprotect.f5.com/app-protect-security-log-destination`` | N/A | The destination of the security log. For more information check the [DESTINATION argument](/nginx-app-protect/troubleshooting/#app-protect-logging-overview). Multiple destinations can be specified in a coma separated list.  Both log configurations and destinations list (see above) must be of equal length. Configs and destinations are paired by the list indices. | ``syslog:server=localhost:514`` | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v1.12.0/examples/appprotect). | 
+{{% /table %}} 
@@ -97,13 +97,13 @@ Starting from Kubernetes 1.18, you can use the following new features:
       - host: cafe.example.com
     . . .
   ```
-  When using this filed you need to create the `IngressClass` resource with the corresponding `name`. See Step 3 *Create an IngressClass resource* of the [Create Common Resources](/nginx-ingress-controller/installation/installation-with-manifests/#create-common-resources) section.
+  When using this filed you need to create the `IngressClass` resource with the corresponding `name`. See Step 3 *Create an IngressClass resource* of the [Create Common Resources](/nginx-ingress-controller/installation/installation-with-manifests/#2-create-common-resources) section.
 
 ## Restrictions
 
 The NGINX Ingress Controller imposes the following restrictions on Ingress resources:
 * When defining an Ingress resource, the `host` field is required.
-* The `host` value needs to be unique among all Ingress and VirtualServer resources unless the Ingress resource is a [mergeable minion](/nginx-ingress-controller/configuration/ingress-resources/cross-namespace-configuration/). See also [Handling Host Collisions](/nginx-ingress-controller/configuration/handling-host-collisions).
+* The `host` value needs to be unique among all Ingress and VirtualServer resources unless the Ingress resource is a [mergeable minion](/nginx-ingress-controller/configuration/ingress-resources/cross-namespace-configuration/). See also [Handling Host and Listener Collisions](/nginx-ingress-controller/configuration/handling-host-and-listener-collisions).
 
 ## Advanced Configuration
 
 
@@ -14,35 +14,6 @@ The resource is implemented as a [Custom Resource](https://kubernetes.io/docs/co
 
 This document is the reference documentation for the Policy resource. An example of a Policy for access control is available in our [GitHub repo](https://github.com/nginxinc/kubernetes-ingress/blob/v1.12.0/examples-of-custom-resources/access-control).
 
-## Contents
-
-- [Policy Resource](#policy-resource)
-  - [Contents](#contents)
-  - [Prerequisites](#prerequisites)
-  - [Policy Specification](#policy-specification)
-    - [AccessControl](#accesscontrol)
-      - [AccessControl Merging Behavior](#accesscontrol-merging-behavior)
-    - [RateLimit](#ratelimit)
-      - [RateLimit Merging Behavior](#ratelimit-merging-behavior)
-    - [JWT](#jwt)
-      - [JWT Merging Behavior](#jwt-merging-behavior)
-    - [IngressMTLS](#ingressmtls)
-      - [IngressMTLS Merging Behavior](#ingressmtls-merging-behavior)
-    - [EgressMTLS](#egressmtls)
-      - [EgressMTLS Merging Behavior](#egressmtls-merging-behavior)
-    - [OIDC](#oidc)
-      - [Prerequisites](#prerequisites-1)
-      - [Limitations](#limitations)
-      - [OIDC Merging Behavior](#oidc-merging-behavior)
-  - [Using Policy](#using-policy)
-    - [WAF](#waf)
-      - [WAF Merging Behavior](#waf-merging-behavior)
-    - [Applying Policies](#applying-policies)
-    - [Invalid Policies](#invalid-policies)
-    - [Validation](#validation)
-      - [Structural Validation](#structural-validation)
-      - [Comprehensive Validation](#comprehensive-validation)
-
 ## Prerequisites
 
 Policies work together with [VirtualServer and VirtualServerRoute resources](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/), which you need to create separately.
@@ -190,7 +161,7 @@ action:
       - name: alg
         value: ${jwt_header_alg}
 ```
-We use the `requestHeaders` of the [Action.Proxy](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#action-proxy) to set the values of two headers that NGINX will pass to the upstream servers.
+We use the `requestHeaders` of the [Action.Proxy](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#actionproxy) to set the values of two headers that NGINX will pass to the upstream servers.
 
 The value of the `${jwt_claim_user}` variable is the `user` claim of a JWT. For other claims, use `${jwt_claim_name}`, where `name` is the name of the claim. Note that nested claims and claims that include a period (`.`) are not supported. Similarly, use `${jwt_header_name}` where `name` is the name of a header. In our example, we use the `alg` header.
 
@@ -230,8 +201,8 @@ ingressMTLS:
 ```
 
 A VirtualServer that references an IngressMTLS policy must:
-* Enable [TLS termination](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#virtualserver-tls).
-* Reference the policy in the VirtualServer [`spec`](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#virtualserver-specification). It is not allowed to reference an IngressMTLS policy in a [`route `](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#virtualserver-route) or in a VirtualServerRoute [`subroute`](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#virtualserverroute-subroute).
+* Enable [TLS termination](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#virtualservertls).
+* Reference the policy in the VirtualServer [`spec`](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#virtualserver-specification). It is not allowed to reference an IngressMTLS policy in a [`route `](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#virtualserverroute) or in a VirtualServerRoute [`subroute`](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#virtualserverroutesubroute).
 
 If the conditions above are not met, NGINX will send the `500` status code to clients.
 
@@ -247,7 +218,7 @@ action:
       - name: client-cert
         value: ${ssl_client_escaped_cert} # client certificate in the PEM format (urlencoded)
 ```
-We use the `requestHeaders` of the [Action.Proxy](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#action-proxy) to set the values of the two headers that NGINX will pass to the upstream servers. See the [list of embedded variables](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#variables) that are supported by the `ngx_http_ssl_module`, which you can use to pass the client certificate details.
+We use the `requestHeaders` of the [Action.Proxy](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#actionproxy) to set the values of the two headers that NGINX will pass to the upstream servers. See the [list of embedded variables](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#variables) that are supported by the `ngx_http_ssl_module`, which you can use to pass the client certificate details.
 
 > Note: The feature is implemented using the NGINX [ngx_http_ssl_module](https://nginx.org/en/docs/http/ngx_http_ssl_module.html).
 
@@ -409,7 +380,7 @@ waf:
 |Field | Description | Type | Required | 
 | ---| ---| ---| --- | 
 |``enable`` | Enables NGINX App Protect. | ``bool`` | Yes | 
-|``apPolicy`` | The [App Protect policy](/nginx-ingress-controller/app-protect/configuration/#app-protect-policies/) of the WAF. Accepts an optional namespace. | ``string`` | No | 
+|``apPolicy`` | The [App Protect policy](/nginx-ingress-controller/app-protect/configuration/#app-protect-policies) of the WAF. Accepts an optional namespace. | ``string`` | No | 
 |``securityLog.enable`` | Enables security log. | ``bool`` | No | 
 |``securityLog.apLogConf`` | The [App Protect log conf](/nginx-ingress-controller/app-protect/configuration/#app-protect-logs) resource. Accepts an optional namespace. | ``string`` | No | 
 |``securityLog.logDest`` | The log destination for the security log. Accepted variables are ``syslog:server=<ip-address &#124; localhost>:<port>``, ``stderr``, ``<absolute path to file>``. Default is ``"syslog:server=127.0.0.1:514"``. | ``string`` | No |
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-baseURL = "/nginx-ingress-controller/"`
	`1`	`+baseURL = "https://docs.nginx.com/nginx-ingress-controller/"`
`2`	`2`	`title = "NGINX Ingress Controller"`
`3`	`3`	`publishDir = "public/nginx-ingress-controller"`
`4`	`4`	`canonifyURLs = false`
Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ To add any [App Protect policy](/nginx-app-protect/policy/#policy) to an Ingress`
`36`	`36`
`37`	`37`	`> Note: The relationship between the Policy JSON and the resource spec is 1:1. If you're defining your resources in YAML, as we do in our examples, you'll need to represent the policy as YAML. The fields must match those in the source JSON exactly in name and level.`
`38`	`38`
`39`		`- For example, say you want to use the [DataGuard policy](/nginx-app-protect/policy/#data-guard) shown below:`
	`39`	`+ For example, say you want to use the [DataGuard policy](/nginx-app-protect/policy/#policy/data-guard) shown below:`
`40`	`40`
`41`	`41`	```json
`42`	`42`	`{`
`@@ -107,7 +107,7 @@ To add the [App Protect log configurations](/nginx-app-protect/configuration/#se`
`107`	`107`
`108`	`108`	`> Note: The fields from the JSON must be presented in the YAML exactly the same, in name and level. The Ingress Controller will transform the YAML into a valid JSON App Protect log config.`
`109`	`109`
`110`		`-For example, say you want to [log state changing requests](/nginx-app-protect/troubleshooting/#log-state-changing-requests) for your Ingress resources using App Protect. The App Protect log configuration looks like this:`
	`110`	`+For example, say you want to [log state changing requests](/nginx-app-protect/configuration/#security-log-configuration-file) for your Ingress resources using App Protect. The App Protect log configuration looks like this:`
`111`	`111`
`112`	`112`	```json
`113`	`113`	`{`